A few months ago a friend asked me to take a look at their website because they had been receiving an immense amount of spam. Worse yet, they were also receiving threats from others to stop sending spam to them. I immediately knew they were being targeted by code injection, but as I dug around I found more danger than I was expecting.

It seems that their grandchild (no doubt a future Mark Zuckerberg) had created the shopping cart for them. The shopping cart application had little to no security. In seconds I was able to dump all of their customers' credit card information onto the screen before their frightened eyes.

In this video tutorial I’ll show you all of the mistakes that were made along with some other tips that will help you defend your site from SQL Injection.

NOTE: If you think websites are almost never susceptible to SQL Injection, I personally have seen flaws in 1/4th of the sites I have looked at! Industry analysts believe the percentage is closer to 1/3rd!

Like always the code used in the tutorial follows the video. You can use it however you like, but I’m not guaranteeing it is 100% secure, just that it is more secure than most code you will find. Leave questions or comments below.

Hello,
I am a total newb, all my knowledge of PHP comes from your tutorials.
I used these files for my website but Dreamweaver reports errors on the functions require_once and trigger_error.
As if they were never defined.
Tnx for info